Strategic Aspects of Risk Management

Presented by The Institutes CPCU Society Risk Management Interest Group

2 The Institutes CPCU Society

• Click on the arrow next to Q&A

located in the lower right hand

corner of your screen.

• Type in your question in the

space provided.

• Click “Send.”

Note: Please make sure you

send your question(s) to “All

Panelists.”

Q&A

3 The Institutes CPCU Society

Please Complete Our Survey!

4 The Institutes CPCU Society

Antitrust Statement

During this webinar we intend to comply in all respects with the federal, state and

international antitrust laws. These laws forbid agreements among competitors in the

marketplace which restrict a company’s freedom to make independent decisions in

matters affecting competition.

Participants will not discuss, nor field questions about, any matters relating to individual

company rates, underwriting, coverages or marketing. We will not discuss:

• Present or future prices of products or services

• Present or future sales terms and conditions

• Treatment of any customer

• Current or future business strategies or marketing plans, or

• Refusing to deal with any customer, competitor, or supplier

5 The Institutes CPCU Society

Audio will be automatically streamed through your computer speakers.

Please leave this window open if you would like to listen to today’s presentation via audio broadcast:

If you do not have computer speakers:

Call in to the teleconference (us/canada only) at 1-877-668-4490

Enter event number 664 231 181

If you are having trouble with either option, please submit your need for assistance in the Q&A section.

Strategic Aspects of Risk Management

6 The Institutes CPCU Society

Presenter—

Chris Mandel, CPCU, ARME, RIMS-CRMP

Director, Sedgwick Institute

Senior Vice President, Sedgwick

Webinar Speaker

© 2017 Sedgwick Claims Management Services, Inc. - Do not disclose or distribute.

The Evolution & Future of Risk Management

Strategic Aspects of Risk

Management

Agenda ➢ Risk management evolution

➢ Risk profiles

➢ Risk in a strategic context

➢ Risk appetite and tolerances

➢ What is digital risk and the digitization of the risk profile?

➢ Business model risk

➢ VUCA and emerging risks

➢ Considerations for Managing Risk Strategically

➢ Key takeaways and questions

Value

Time

Fundamentals

Enhanced & Broadened

Operational Success

Strategic

High-Performance Risk

Management

• Focus: long-term success

• Scope: consistent, targeted

support to accomplish mission;

embedded risk management

practices/risk as a differentiator;

risk>innovation

Advanced Risk

Management

• Focus: short-term success

• Scope: mitigation of

controllable risks; manage

risk as an expense

Traditional Risk

Management

• Focus: insuring

against the bad things

• Scope: risk transfer,

insurance, loss

prevention, mitigation

of insurable risks

9

A Strong Migration Toward Strategic Influence

& Ultimate Success

Do some risks matter more than others?

10

An Enterprise Risk Type Spectrum

Strategic

• Acquisitions

• Business model

• Competition

• Demographic

• Brand

• Disruptive innovation

• Market

Operations

• Customer service

• Infrastructure

• Processes

• System capabilities

• Talent

• Technology

Financial

• Capital

• Cash flow

• Credit

• Debt obligations

• Foreign exchange

• Liquidity

• Etc.

External

• Economy

• Environment

• Geopolitical

• Regulatory

• Tax policies

• Weather events

• Etc.

12

Macro-level Categories to Consider

Environmental

Systemic

Cultural

Technological

Societal

Geopolitical

Economic

Addressing What Matters Most

Source: Corporate Executive Board

FR

EQ

UEN

CY

/LIK

ELIH

OO

D

SEVERITY/IMPACT

Expected vs. Unexpected

X Expected

Losses

Typically Uninsurable

Copyright ERM, LLC: All rights reserved; distribution

prohibited without permission

TypicallyInsurable

The discipline of risk management has

evolved from strictly a value-preservation-

based focus to a focus balanced between

protecting assets and creating or enhancing

value.

Strategic Risks

Regulatory Risks

Risk Appetite and Culture

Operational Risks

Financial Risks

Risk Tolerances, Ownership,

and Accountability

Effective Risk Management?A flexible and dynamic

risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic

risk to create new streams of revenue and increase value.

Value Preservation to Value Creation

To compete, you grow. To grow, you innovate. To innovate, you must take risk.

Scenario Modeling Is Key

How do we identify scenarios?

• What are the events that keep you up at night?

• Which events could trigger a catastrophic loss?

• How could your company’s name get into the news in an unflattering way?

• What events are the organization underprepared for?

• What events could fundamentally change the way the business operates?

What Is a Risk Profile?

➢ Key risks vs. all risks?

➢ What matters to whom?

➢ Alignment with KPIs/corporate scorecards

➢ Who owns and is accountable?

➢ Correlation with strategies and objectives

➢ Status of the control environment

➢ Status of targeted mitigation

➢ Trends and relevant changes

Your risk profile can and

should inform the organization’s

strategy.

What Is (Being) Digital?

Being digital is the reimagining of business processes to be, by default, a fully online and fully automated process from end-user interaction to back-office processing, with no need for human intervention. Attributes include:➢ Customer-first culture

➢ Real time

➢ Automated processing

➢ Intelligent

➢ Accessible online anywhere

➢ Attractive and user-friendly

➢ Drives change

➢ Continuously improving

Digitization Trends➢ Increasing speed of data availability, even in real time

➢ Increasing breadth and depth of exposure-data quality that, when aligned with loss data, enable a more complete view into risk profile

➢ Declining cost of more robust tech tools that will enable more risk leaders to be more effective and to better contribute at higher, more strategic levels

➢ Reduced regulatory burden flowing from the above as regulators get more comfortable with the way particularly large risk-bearing entities manage risk

➢ Increasing data-privacy challenges as more potentially sensitive private information is available to more stakeholders, including more exposure to bad actors

Digitization Trends

➢ Eventual complete digitization of risk profile

➢ More investment in data collection and analysis tools

➢ Increasing transparency among risk stakeholders

➢ Ultimately, declining cost of traditional risk and increasing cost of risk in emerging exposure areas

➢ Increasing formation of alliances and coalitions

Digital Risk

Management

Is Where

Risk Leaders

Would:

The future of risk management in the digital era- December 2017 | Report McKinsey & Co.

Capture and manage information from a broader and richer set of data

Capture and

Manage

Use advanced analytics to further improve the accuracy and consistency of its modelsUse

Embed mitigation solutions in the organization’s websites; mobile apps; and its financial, product, and process platformsEmbed

Enable leaders to consult self-serve dashboards informed by risk analysesEnable

Review and reshape its mandate and role to capitalize on its ability to provide faster, more forward-looking, and deeper insights and advice to the organization

Review and Reshape

Acquire sufficient technological skills/understanding to enable building digital risk resiliencyAcquire

Important Aspects of Digital Risk

Digital Risk

Digital in the

Business

Digital as a Business

Higher Speed of Impact

Strategic

Impact

Operational Impact

Governance Impact

22

Sedgwick © 2011 Confidential – Do not disclose or distribute. 23

VUCA Defines Risk in a Digital World

Volatile: nature, dynamics, and speed of change

Uncertain: lack of predictability, subject to surprises

Complex: multiplex of forces, confounding issues, chaos and confusion

Ambiguous: haziness of reality, mixed meanings, potential for misreads

Traits of Emerging Risks

Emerging Risks

High Level of Uncertainty

Lack of Consensus

Uncertain relevance

Difficult to Communicate

Difficult to Assign

Ownership

Systemic or “Business Practice”

Issues

Source: RIMS Executive Report Emerging Risks and Enterprise Risk Management © 2010 RIMS

Blockbuster’s Catastrophic Collapse

Pace of Change

VolumeVelocityVariety

What Is Business Model Risk?

• A business model is a company's plan for making a

profit or an organization’s plan for delivering it’s mission.

It identifies the products or services the business will

sell/provide, its target market and the expenses it

anticipates.

• Business model risks (BMRs) are the risks that could

prevent the plan from succeeding and the risks that must

be taken to successfully execute the plan.

• What about strategic risk management?

Investopedia, “Business Model,” https://www.investopedia.com/terms/b/businessmodel.asp.

Risks to the Business Model

• The risks facing an organization are comprehensive and touch all aspects of its activities (operations, finance, reputation and intangibles, legal and regulatory, etc.)

• The business model provides a rigorous framework for identifying risks.

• By stress-testing key linkages and assumptions, the board and management can determine what might go wrong and the consequences of the problem.

• Management can then develop very detailed risk management analyses around each key issue.

Risk Management and the Business Model

• Traditional risk management is more focused on controls to:– Stop value leakage.

– Minimize risk taking.

– Ensure compliance around operational model.

• Risk to business model often not well understood or assessed– Even when understood, risks often ignored.

– Most challenging to identify when the organization has been successful long term.

– Risk heat maps may only mislead further.

• Counterintuitive– Risk to business model can be mitigated by encouraging innovations.

– Innovation requires more risk taking.

– So, more risks must often be accepted to manage business model risks.

– The very processes that propelled and sustained success can be the cause of failure.

The Board, Risk, and the Business Model

The board has four important responsibilities in this area:

1. Determine the risk tolerance of the company, in consultation with management, shareholders and stakeholders.

2. Evaluate the company’s strategy and business model in the context of the firm’s risk tolerance.

3. Ensure that the company is committed to operating at an appropriate risk level. It relies on KRIs to help make this assessment.

4. Satisfy itself that management has developed necessary internal controls and that procedures remain effective.

Your Role In Addressing Strategic Business Model Risk

What are the key risks to the successful execution of our strategy and business

model?

Do we understand the root cause, impact, likelihood and potential velocity of

those risks that could prevent its achievement?

Are we taking the right risks and enough risk to achieve

the plan/mission?

Are we providing actionable risk information to

leadership on both sets of risks?

Are we monitoring and revising the risk profile in accordance with shifts in

the plan and accounting for new and emerging risks

relevant to the plan?

A Strategic Risk Management Approach

• Expected vs. unexpected risks

➢ Identifying

➢Assessing

➢Measuring

• Risk appetite and tolerances

➢Weighting and prioritizing risk

• Emerging and dynamic risk assessments

• Reporting on strategic risks

• Alignment and tie to strategy and performanceCopyright © 2011 Risk and Insurance Management Society, Inc. All rights reserved.

32

Risk Capability as a Feeder to Strategy

Four areas of improvement necessary for risk-strategy success:

1. Aligning, if not integrating, business strategy with risks

2. Adopting and applying dynamic risk appetite strategies/frameworks

3. Managing the diversity of stakeholder expectations

4. Improving risk sensing, monitoring, and reporting

Source: PwC’s Re-evaluating how your company addresses risk

Eight Steps to Integrating Risk and Strategy1. Build meaningful relationships with planning leaders.

2. Demonstrate to planners the direct relationship between specific key risks and the

strategic goals of the firm.

3. Demonstrate to planners the ability to treat these risks, including the clear understanding

of the cost benefit of mitigation.

4. Articulate examples of how new or greater risks taken can create value.

5. Identify and challenge fundamental assumptions.

6. Identify and look for signals regarding unexpected events.

7. Clarify whether these events are risks, opportunities or both.

8. Develop a plan with options that allow for resiliency in adversity through agility.

Source: Deloitte’s Shaping a Risk Intelligent Strategy

How Is the Digital Risk Profile Different?

➢ Key technology affected risks vs. all risks

➢ What matters most to whom driven by technology?

➢ Connects relevant digital risk strategies with specific risks

➢ The status of the digital control environment

➢ Depicts digital trends and significant changes

➢ Informed by risk professionals with an understanding of how

technology is affecting exposures and strategy

➢ Used to educate and keep leadership informed

Where Do Digital Risks Live?

Strategic

• Acquisitions

• Business model

• Competition

• Demographic

• Brand

• Disruptive innovation

• Market.

Operations

• Customer service

• Infrastructure

• Processes

• System capabilities

• Talent

• Technology

Financial

• Capital

• Cash flow

• Credit

• Debt obligations

• Foreign exchange

• Liquidity

• Etc.

External

• Economy

• Environment

• Geopolitical

• Regulatory

• Tax policies

• Weather events

• Etc.AN ENTERPISE RISK MANAGEMENT SPECTRUM

Explosion of digital creates risk exposures

▪ Overreliance on critical information infrastructure

▪ More digital processes exposed to cyber attacks, data theft

▪ Cyber risk aggregation scenarios

▪ Reliability of data from sensors is unproven

▪ Cascading failure from interconnected technologies

▪ Lack of standards in IoT

▪ Intersection of humans and technology

▪ Legacy systems unable to keep up, integrate with new

tech

▪ New sources of fraud from streamlined claims processes

▪ Legacy products not meeting needs created by new tech

▪ Technology that reduces losses also reduces premiums

Proof That Digital Risks Are Here: Top Risk for 2019

• Existing operations meeting performance expectations competing against born-digital firms

• Succession challenges and ability to attract and retain top talent

• Regulatory changes and scrutiny

• Cyber threats

• Resistance to change operations

Top Risks for 2019

• Rapid speed of disruptive innovations and new technologies

• Privacy, identity management and information security

• Inability to effectively utilize analytics and big data

• Organizational culture may not sufficiently encourage timely identification and escalation of risk issues

• Sustaining customer loyalty and retention

Source: Protiviti’s Board Perspectives and Risk Oversight; issue 111

Why Is Risk Appetite Needed?

• Aligns individual leaders’ risk preferences with organizational risk preference

– Different individual motivations

– Different professional and personal backgrounds

• Organizations often play at cusp of public good and private good, clarity often not pursued until too late

• Risk is at the heart of any business—risk appetite helps by:

– Promoting conscious risk taking and recognizing and accepting that risk taking will lead to failures

– Defining failures up front and making exit decisions easier

– Taking a portfolio perspective of risk and rewards

Key Questions Addressing Risk Taking➢ How much risk are we taking?

➢ How much risk can we take?

➢ How much risk do we prefer to take?

➢ How much risk do we need to take to reach our strategic goals?

➢ Which risks do we want to take and which risks are unacceptable to take and why?

➢ What is the gap between capacity and need?

➢ What actions can we take to close the gap to align with needs and stay within legal limits and preferences?

➢ If the gap between need and capacity is large, which strategies need to be modified and how?

➢ What stakeholders will be most affected by these modifications?

42

A digital transformation for risk would

mean a number of changes.

Risk would capture and

manage information

from a broader and richer set of data, looking

into nontraditional

sources like online

reviews.

Risk would automate

processes it controls and

work with others to do the same for

decision-heavy processes.

Risk would use advanced

analytics to further

improve the accuracy and

consistency of its models, in

part by greatly reducing the

biases.

Risk would embed

solutions into an

organization's website,

mobile appand corporate platform while

deploying a flexible risk

data architecture.

Inside the organization, leaders would consult self-

serve dashboards informed by

risk analyses—

and act on risk-driven strategic advice.

Risk would review and reshape its

mandate and role to

capitalize on its ability to

provide faster, more forward-

looking and deeper

insights and advice.

Risk would alter its organizational setup, as well as

its

culture,

talent and

ways of working.

Roadmap to the Digital Risk Future

Considerations for More Strategic Management of Risk

• Appetite, tolerances and materiality understoodo Identify the risks the board and senior management need to take, know and manage most effectively

• Risk strategy and profile definedo Drive a consensus around risk strategy, the risk profile and ensuring risk a key consideration in

planning/decision making

• Capable, informed and aligned risk stakeholderso Involve the right stakeholders in an effective and coordinated risk strategy that adds value in executing

corporate strategy

• Clear, understandable risk processo Enable board members, managers and employees to understand and be appropriately engaged in the risk

process

• Embedding risk intelligence into culture—build resilienceo Integrate risk management into all key business processes, including planning, operating and financing

activities

Takeaways • Digital and digital risk are both the present and the future as it subsumes business models and

the risk profile of all organizations.

• Emerging risks may not be controllable, but they must be addressed.

• Addressing strategic business model risk will vary company by company depending on culture, leadership support, internal and external risk profile, and risk tolerance.

• You must know your stakeholders, their priorities and their interests and role in a successful risk program and strategy.

• Your risk management strategy must include a measurement and reporting strategy and plan.

• A strong enterprise wide strategic risk framework and plan will help you prepare for and respond more effectively to the uncertainties of the future.

• Ultimately, the goal is to take more intelligent risks while building strategic digital resiliency in your organization.

44

Thank you!

Questions?

Chris Mandel, RIMS-CRMP, CPCU, ARM-E, RF

SVP Strategic Solutions, Sedgwick

& Director, the Sedgwick Institute

Chris.Mandel@Sedgwickinstitute.com

210-845-5804

Contact information

www.sedgwickcms.com www.sedgwickinstitute.com

© 2016 Sedgwick Claims Management Services, Inc. - Do not disclose or distribute.

Christopher E. Mandel, RF, RIMS-CRMP, CPCU, ARM-ESVP, Strategic Solutions, Sedgwick, Inc. &

Director, Sedgwick Institute

Christopher E. Mandel is the SVP for Strategic Solutions at Sedgwick and the Director of the Sedgwick Institute. In both roles he is engaged in helping Sedgwick chart its future through the long term planning for products, services and strategic solutions for this claims and productivity management firm. He is also co-founder and EVP, Professional Services for rPM3 Solutions, LLC as well as founder and president of Excellence in Risk Management, LLC. both independent consulting firms specializing in governance, risk and compliance, with a special emphasis on enterprise risk management. rPM3 Solutions holds a patent for a unique risk measurement process known as ARQ™. Prior to electing early retirement and for ten years from 2001-2010, Mr. Mandel was head of enterprise risk management for USAA Group, a $165 billion diversified financial services organization. At USAA, he designed, developed and led the enterprise-wide risk management and corporate insurance centers of excellence. He also served as President and Vice Chairman, Enterprise Indemnity CIC, Inc., an Arizona based alternative risk financing facility.

Mr. Mandel has more than 25 years of experience in risk management and insurance in large, global corporates. He has pioneered the development of cross-enterprise risk management capabilities resulting in S&P rating USAA as “excellent and a leader in ERM” from 2006 through 2010. In 2007, Treasury and Risk Magazine bestowed the Alexander Hamilton Award for “Excellence in ERM” on USAA. Mr. Mandel has been a long term senior leader in the Risk and Insurance Management Society including being elected President and Chief Risk Officer and was named Risk Manager of the Year in 2004. He also received RIMS’ Goodell Award (2016) for lifetime achievement.

Mr. Mandel’s deep, wide and diverse experience in all facets of risk management and insurance allows him to offer those interested in managing risk with excellence to engage him to provide everything from a comprehensive strategy and complete ERM framework to targeted guidance, tools, techniques and/or training. Mr. Mandel’s innovative approach to making risk a key strategically placed and results oriented function results from solidly connecting risk management outputs to a company’s key performance metrics and ultimately, mission accomplishment.

Mr. Mandel received his B.S. in Business Management from Virginia Polytechnic Institute and State University and an MBA in finance from George Mason University. He holds the CCSA, CPCU, ARM and AIC designations and is a frequent industry speaker, teacher and writer. He writes the “Risk Innovation” column for Risk and Insurance magazine and in 2008 was elected a member of Risk Who’s Who (RWW). He also wrote the Ask a Risk Manager column for Business Insurance from 1996 through 2008.

CONTACT: Chris.Mandel@sedgwick.com 210-698-8056 o 210-845-5804 m https://www.sedgwick.com

48

Sedgwick © 2013 Confidential – Do not disclose or distribute. 49

Sedgwick CMS

The leader in innovative claims and productivity management solutions

Sedgwick Claims Management Services, Inc. is the leading North American provider of innovative claims and productivity management solutions. Sedgwick and its affiliated companies deliver cost-effective claims, productivity, managed care, risk consulting, and other services to clients through the expertise of more than 21,000 colleagues in 900 offices located in 65 countries. The company specializes in workers’ compensation; disability, FMLA and other employee absence; managed care; general, automobile and professional liability; warranty and credit card claims services; fraud and investigation; structured settlements; and Medicare compliance solutions. Sedgwick and its affiliates design and implement customized programs based on proven practices and advanced technology that exceed client expectations. For eight years in a row, Sedgwick has been awarded the distinguished Employer of Choice® certification, the only third-party administrator (TPA) to receive this designation. In 2011 and 2012, the company was named the Best Overall TPA by buyers of risk services through an independent survey conducted by Business Insurance. For more see www.sedgwick.com.

© 2018, Sedgwick Claims Management Services, Inc. applies to all content except where otherwise noted

Sedgwick © 2013 Confidential – Do not disclose or distribute. 50

The Sedgwick Institute

Vision

Launched I 2016, the Sedgwick Institute serves as an incubator for some of the best and brightest minds to advance the conversations that affect all the players in our industry, including injured and ill members of the workforce, insurance carriers, employers, property owners, third party claims administrators, brokers, lawmakers and medical providers. The institute’s thought leaders work individually and collaboratively to examine selected complex challenges facing the various stakeholders in our space and propose innovative options and solutions to improve public and private decision making on these issues.

Purpose

The Sedgwick Institute is an interdisciplinary community of thought leaders dedicated to helping drive dialogue and action around issues affecting the risk and benefits industry.

Who

To fulfill its evolving agenda, the Sedgwick Institute leverages both full- and part-time expertise from business, government, academia and other industry sources, through visiting or full-time fellow positions. While no specific minimum criteria are anticipated, decisions about institute appointments will be primarily a function of the issues selected to populate the agenda as it develops and evolves.

Visit us at: www.sedgwickinstitute.com & at LinkedIn

Roadmap to the Digital Risk Future

• digital transformation for risk would mean a number of changes.

• Risk would capture and manage information from a broader and richer set of data, looking into nontraditional sources like business-review ratings online.

• Risk would automate processes it controls, and work with others to do the same for decision-heavy processes.

• Risk would use advanced analytics to further improve the accuracy and consistency of its models, in part by greatly reducing the biases

• Risk would embed its solutions into an organization’s website, its mobile app, and its corporate platform, while deploying a flexible risk data architecture.

• Inside the organization, leaders would consult self-serve dashboards informed by risk analyses—and act on risk-driven strategic advice.

• Risk would review and reshape its mandate and role to capitalize on its ability to provide faster, more forward-looking, and deeper insights and advice.

• Risk would alter its organizational setup, as well as its culture, talent, and ways of working.